Re: [openpgp] I-D Action: draft-ietf-openpgp-crypto-refresh-06.txt
Paul Wouters <paul.wouters@aiven.io> Mon, 06 June 2022 17:43 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/fZo7KQXCoej3Gr5mtQRQgC7SoT0>

On Mon, 6 Jun 2022, internet-drafts@ietf.org wrote:

> Subject: [openpgp] I-D Action: draft-ietf-openpgp-crypto-refresh-06.txt

> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-openpgp-crypto-refresh-06

A list of changes, excluding non-substantive changes, for this diff are listed below.

Paul

- bump to draft version -06
- update authors
- Offer simple approach for v5 fingerprints on smartcards
- Introduce Packet Criticality based on Packet Tags
- Offer simple explanation for v5 fingerprints and smartcards
- Recommend generating Intended Recipient Fingerprint
- Add note that it is okay to knowingly ignore packets.
- Clarify that unknown here means unknown packet type.
- Partition the Packet Tag space into critical and non-critical.
- Document "strict" packet type grammars
- Guidance on selecting self-signatures
- IANA directions about registering a new ECC curve
- Describe the necessary steps to register a new elliptic curve in OpenPGP
- Fix typo in Ed448 signature format
- Signature Notation Data Subpacket IANA registry fixes
- Fix ECDH parameters for v5 keys, recommend them for v4 keys.
- Update Security Considerations section
- Editorial changes to transferable key structures
- Document v4 revocation certificates
- Stronger recommendations for PKCS#1 parsing, minor editorial changes
- Clarify that textual data is encoded in UTF-8.
- Drop line about usability studies.
- Added note about this work being done in a separate document
- Add security considerations about fingerprint usability
- Clarify that User IDs and User Attributes may be intermixed
- Specify that certification revocation signatures should come first
- Don't refer to "revocation self signatures" in grammar
- Tweak TSK description to allow for missing secret key material.
- Deprecate DSA
- Deprecate Elgamal
- Deprecate RSA
- Align the Signature Notation Data Subpacket Notation Flag registry.
- Give guidance on when to emit or omit the CRC24 footer.
- Merge section "key structures" into "transferable public keys".
- clean up SHA1 collision detection pointers
- Refer to SHA1CD section in the hash algorithms table
- Clarify Detached Signatures: multiple sigs in one detached object
- Rename "Issuer" subpacket to "Issuer Key ID" subpacket
- Adjust RSA keysize recommendations.
- Stronger limits for RSA keys
- emit a deprecation warning for deprecated ciphersuites as well
- A detached signature may contain more than one signature packet
- Move all key-related sections to "Key Material Packet".
- Move section on Key IDs and Fingerprints.
- Rework subkey advice.
- Swap v3 and v5 key structure sections around, align introductions.
- Mark the draft as IETF, rather than IRTF, IAB, or independent
- Armor and CSF cleanup
- Require selecting the most recent valid self-signature
- Add zero MPI as example.
- ignore signatures with mismatched internal versioning
- Avoid incorrect secret key S2K parameter field count.
- Add V5 key structure Subkey version MUST match primary key version.
- Clarify what is stored as an EdDSA secret key
- guidance about userIDs, self-sigs, and key versions
- Clean up test vectors, add sample v5 cert and key
- If signature's hash (+salt) don't match the header, invalidate sig.
- Clarify how to specify multiple hash algorithms in armor headers.
- Reverse guidance on unknown header keys.
- Implementations should gracefully recover from malformed headers.
- Remove the multi-part message framework.
- Mandate ignoring malformed or unknown signatures
- Fix cardinality of user-ids in V5 structure diagram
- Add key structure of revoked V5 primary key
- Add more justification for signature salts
- Move an ECC Security Considerations bullet to its own subsection
- Guidance about when to look for (or not look for) a UID self-sig
- Clarify that a self-sig over a User ID is not required for v5 keys.
- document existing convention about v4 certificates
- Test Vectors: add v5 certificate and secret key
- Test vectors: set off AEAD test vectors as sourcecode objects
- Test vectors: OCB and GCM descriptions had copy-pasted AEAD algo identifiers
- Test vectors: add ASCII-armored forms of sample v4 Ed25519 key and signature
- Test vectors: clarify that the sample EdDSA key and signature use Ed25519
- Test vector: clarify that the sample signature time is in UTC
- Fix sample ed25519 signature
- Clarify descriptions of Argon2 test vectors, annotate as sourcecode
- update acknowledgements section.